Electronic transaction fraud, particularly payment card fraud, is an ever-increasing problem for financial institutions, such as credit card companies and banks. The introduction of electronic memory means (‘CHIP’) on cards, in association with personal identification numbers (‘PIN’) in recent years was aimed at eliminating such crime. Although card fraud in certain contexts has declined, card fraud in other areas has increased significantly.
Examples of various types of card fraud include the following.
Card-Not-Present (CNP)
Card-Not-Present (CNP) refers to Internet, phone and mail order fraud. Fraud happens when stolen card details are used pay for services and goods over the phone, the Internet or by mail order. The main problem for fighting this type of fraud efficiently, is that the cardholder is not present at the time of the fraud, therefore does not know about the fraud until after the fraud has been committed, as and when a statement of transactions for card is checked and evidences the fraudulent use.
Counterfeit Fraud
Counterfeit Fraud refers to situations wherein the magnetic stripe details of a card are fraudulently acquired, and one or more counterfeit cards, which are fake replicas of the card, are created therefrom. Stolen card details are transmitted to overseas accomplices, where counterfeit cards are created and used in areas where CHIP-and-PIN technology is yet to be introduced.
Lost and Stolen Card Fraud
Lost and stolen card fraud refers to fraudulent purchases committed with cards that have been lost by, or stolen from, the cardholder. Most lost and stolen card fraud takes place in shops that have yet to introduce CHIP-and-PIN technology or equipment: in such instances, a fraudulent user does not require a PIN and can use the card before the cardholder has reported the card lost or stolen. Some technologies are in place to counteract this type of fraud, for instance automated analysis of spending patterns performed upon customer card accounts. This type of fraud has declined in recent years, but remains important.
Mail Non-Receipt Fraud
Mail non-receipt fraud refers to fraudulent purchases committed with cards that have been stolen after card companies issue them and before the cardholders receive them, usually by intercepting mail containing a new or replacement card and/or PIN. This may occur in apartment buildings, or at the time of moving lodgings where the cardholder fails to redirect their mail in good time. This type of fraud has also declined in recent years, because fewer cards are issued and cardholders routinely maintain the same PIN for successive cards, such that a new PIN is not sent out.
Card ID Theft
Card ID theft refers to situations wherein new card accounts are opened with financial institutions, or existing card accounts are hijacked, on the evidence of fraudulently obtained cards or card details, along with fraudulently obtained personal information. Two main types of Card ID theft are known:                Application fraud corresponds to the use of stolen or fake documents to open a card account in another person's name. Criminals may try to steal documents such as utility bills and bank statements to build up sufficient convincing personal information, or may use counterfeit documents for identification purposes; and        Account take-over corresponds to attempts to take over another person's account, first by gathering information about the intended victim, then contacting their financial institution or credit card issuer whilst masquerading as the genuine cardholder. Funds may then be transferred out of the account, or the address on the account may be changed and new or replacement cards may be ordered then sent to the changed address.        
ATM Fraud
ATM Fraud refers to the fraudulent copying of the data stored on a card's magnetic stripe and recording of the PIN, while a cardholder uses an Automatic Teller Machine. Three main types of ATM Fraud are known:                Shoulder surfing refers to the practice of looking over a cardholder shoulder to observe and obtain the PIN, then stealing the card at a later occasion using distraction.        Device Card tapping refers to the practice of inserting a device into an ATM slot, which retains the card. A cardholder is then tricked into inputting the PIN again and, when the cardholder leaves the ATM, the card can be stolen then used to withdraw funds with the obtained PIN.        ATM skimming refers to the practice of attaching a device to an ATM, which records the data stored on a card's magnetic stripe as it is inserted into the ATM slot, and hiding a miniature camera overlooking the user input keys to observe and capture the PIN as it is input by a cardholder. The data obtained may be used to create counterfeit cards with genuine data encoded on their magnetic stripes, which can be used to withdraw funds with the obtained PIN, generally from cash machines overseas.        
Phishing
Phishing refers to the fraudulent acquisition of personal information such as usernames, passwords and credit card details from cardholders, by masquerading as an existing service supplier or trustworthy entity in an electronic communication. Communications, typically emails, purporting to be sent by popular social websites, auction sites, online payment processors, financial services providers or IT administrators are used to lure unsuspecting users into inputting personal information at fraudulent websites, the look and feel of which is substantially identical to the authentic, original website.
Due to the introduction of CHIP-and-PIN, card fraud has shifted to contexts wherein this authentication technology is not yet in use, such as the Internet and some overseas countries. Card fraud at the expense of retailers has declined whenever and wherever CHIP-and-PIN has been introduced, however fraudulent Card-Not-Present transactions are increasing.
It is therefore an object of the invention to provide a fraud prevention apparatus and method to at least mitigate the above problems.